Monday, September 19, 2016

Using Static Analysis to Improve IIoT Device Security

The Industrial Internet of Things (IIoT) is unique in that the devices that compose industrial control systems are often insecure due to limitations in their design and capability. On top of that, the protocols they use to communicate are not secure and rely dangerously on physical security, such as keeping devices on an isolated local network. Security therefore has to be implemented at the system level as part of secure software design and development.

Industrial devices suffer the same challenges as all IoT devices, such as being increasingly targeted by attackers, having traditionally poor built-in security, and having large deployments of legacy devices, all while increasing machine-to-machine connectivity.

However, IIoT devices have unique requirements:

They are hardware-limited in terms of processing capability for many modern security features, such as encryption, network stacks, and built-in firewalls.

They often control critical infrastructure, which makes the possible outcomes of cyber-attacks much more serious.

Industrial controllers and SCADA systems have different communication protocols and standards than home or office devices.

They are subject to various other factors, including extremely long product lifecycles and greater difficulty in updating firmware and hardware than other devices.

These additional challenges exacerbate the security challenge for development teams in IIoT.

Four Steps to Improve IIoT Security

The four-step improvement process for IoT devices applies equally to IIoT devices, with extra consideration for these challenges. Incorporating the following four major steps into an embedded software-development process can improve security (and quality) for highly-connected devices. The four-step process:

design with a security first philosophy,

use and repeat system-wide threat assessments and analysis,

use tools as much as possible, and

use advanced source and binary code analysis to ensure the quality and security of third-party code.

Static analysis tools like GrammaTech’s CodeSonar provide critical support in the coding and integration phases of development. Ensuring continuous code quality, both in the development and maintenance phases, greatly reduces the costs and risks of security and quality issues in software. In particular, static analysis provides some of the following benefits:

Continuous source-code quality and security assurance: As each new code block is written (file or function), it can be scanned by static analysis tools, detecting errors and vulnerabilities (and maintaining secure coding standards, discussed below) in the source before it enters the build system.

Tainted data detection and analysis: Analysis of the dataflows from sources (i.e. interfaces) to "sinks" (where data gets used in a program) is critical in detecting potential vulnerabilities from tainted data (containing potential exploit payloads).

Assessing the quality and security of third-party code: Most projects are not greenfield development and require the use of existing code within a company or from a third party. Performing testing and dynamic analysis on a large existing codebase is hugely time consuming and may exceed the limits on the budget and schedule. Static analysis is particularly suited to analyzing large codebases and providing meaningful errors and warnings that indicate both security and quality issues. CodeSonar's binary analysis can analyze binary-only libraries and provide similar reports as source analysis when source is not available. In addition, binary analysis can work in a mixed source and binary mode to detect errors in the usage of external binary libraries from the source code.
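The tainted-data analysis described above can be illustrated with a toy source-to-sink analyzer. The following is an added example written for this page, not CodeSonar's code or GrammaTech's; it walks the syntax tree of a constructed request handler written in Python syntax (standing in for device firmware), marks variables assigned from an untrusted source as tainted, propagates taint through assignments, arithmetic and indexing, clears it at a sanitizer, and reports every place tainted data reaches a sink. The source, sink and sanitizer names (recv, memcpy, clamp and so on) are assumptions chosen for the illustration.

```python
"""Toy source-to-sink taint analysis over Python syntax (added example, not
CodeSonar's implementation). Variables assigned from an untrusted source stay
tainted through assignments, arithmetic and indexing until they pass through a
sanitizer; tainted data reaching a sink is reported as a finding."""
import ast

# Hypothetical names chosen for the example: where untrusted data enters,
# where it becomes dangerous, and which calls are trusted to bound it.
SOURCES = {"recv", "read_register"}
SINKS = {"memcpy", "strcpy", "system"}
SANITIZERS = {"clamp", "validate_index"}


def call_name(node):
    """Return the bare function name of a Call node, or None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


class TaintAnalyzer(ast.NodeVisitor):
    def __init__(self, sources=SOURCES, sinks=SINKS, sanitizers=SANITIZERS):
        self.sources, self.sinks, self.sanitizers = sources, sinks, sanitizers
        self.tainted = set()   # variable names currently holding untrusted data
        self.findings = []     # (line number, description)

    def is_tainted(self, node):
        """Does evaluating this expression yield untrusted data?"""
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Constant):
            return False
        if isinstance(node, ast.Call):
            name = call_name(node)
            if name in self.sanitizers:
                return False            # sanitizer output is trusted
            if name in self.sources:
                return True             # fresh untrusted input
            return any(self.is_tainted(a) for a in node.args)
        # BinOp, Subscript, Tuple, ...: tainted if any operand is tainted
        return any(self.is_tainted(c) for c in ast.iter_child_nodes(node))

    def visit_Assign(self, node):
        tainted = self.is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                (self.tainted.add if tainted else self.tainted.discard)(target.id)
        self.generic_visit(node)   # still check for sinks inside the statement

    def visit_Call(self, node):
        name = call_name(node)
        if name in self.sinks:
            bad = [i for i, a in enumerate(node.args) if self.is_tainted(a)]
            if bad:
                self.findings.append(
                    (node.lineno, f"tainted argument(s) {bad} reach sink {name}()"))
        self.generic_visit(node)

    def visit_Subscript(self, node):
        # Indexing with an untrusted value is an out-of-bounds read/write sink.
        if self.is_tainted(node.slice):
            self.findings.append((node.lineno, "tainted index used in subscript"))
        self.generic_visit(node)


def analyze(source, sources=SOURCES, sinks=SINKS, sanitizers=SANITIZERS):
    """Return sorted (line, description) findings for the given program text."""
    analyzer = TaintAnalyzer(sources, sinks, sanitizers)
    analyzer.visit(ast.parse(source))
    return sorted(analyzer.findings)


# Constructed stand-in for a device's request handler, written in Python
# syntax so the toy analyzer can parse it. Line 1 of this text is blank.
SAMPLE_HANDLER = """
frame = recv(sock)                 # untrusted bytes from the network
reg = frame[0]                     # derived from the frame, so still tainted
value = registers[reg]             # tainted index into a fixed-size table
safe_reg = clamp(frame[0], 0, 15)  # sanitizer bounds the index
value2 = registers[safe_reg]       # clean: index was validated
count = frame[1] * 2               # tainted length
memcpy(out, frame, count)          # tainted length reaches a copy sink
log(value)                         # log() is not a sink
"""

if __name__ == "__main__":
    for line, msg in analyze(SAMPLE_HANDLER):
        print(f"line {line}: {msg}")
```

Running the block reports two flows in the constructed handler: the unchecked register index on line 4 and the attacker-controlled length passed to memcpy() on line 8, while the clamp()-bounded index on line 6 is not reported. A production tool does the same bookkeeping interprocedurally, across files, and with far richer sink models, but the shape of the question it answers is exactly this one.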

As part of a complete tools suite, static analysis provides key capabilities that other tools cannot. The payback for adopting static analysis is the early detection of errors and vulnerabilities that traditional testing tools may miss. This helps ensure a high level of quality and security on an on-going basis.

Machine-to-machine (M2M) and IIoT device manufacturers that incorporate a security-first design philosophy with formal threat assessments and automated tools will produce devices that are better secured against the accelerating threats on the Internet. Modifying an existing successful software-development process so that it includes security at the early stages of product development is key. Smart use of automated tools, both to develop new code and to secure existing and third-party code, allows development teams to meet strict budget and schedule constraints. Static analysis of both source and binaries plays a key role in a security-first development toolset.
